VULNERABILITY ASSESSMENT REPORT - Smartsheet Inc.

VERSION HISTORY

VERSION | APPROVED BY | REVISION DATE | DESCRIPTION OF CHANGE | AUTHOR

PREPARED BY | TITLE | DATE

APPROVED BY | TITLE | DATE

VULNERABILITY ASSESSMENT REPORT

TABLE OF CONTENTS

1. INTRODUCTION
2. PROJECT SCOPE
   A. IN SCOPE
   B. OUT OF SCOPE
3. ACTIVITIES SCHEDULE
   A. FIRST DAY
   B. SECOND DAY
   C. THIRD DAY
4. BACKGROUND INFORMATION
5. CLIENT ORGANIZATION
6. ASSET IDENTIFICATION
   A. ASSET IDENTIFICATION PROCESS
   B. TANGIBLE ASSETS
   C. INTANGIBLE ASSETS
7. THREAT ASSESSMENT
   A. THREAT ASSESSMENT PROCESS
   B. THREATS TO THE CLIENT ORGANIZATION
      B1. NATURAL THREATS
      B2. INTENTIONAL THREATS
      B3. UNINTENTIONAL THREATS
8. LAWS, REGULATIONS, AND POLICY
9. FEDERAL LAW AND REGULATION
10. CLIENT ORGANIZATION POLICY
   A. VULNERABILITIES: CLIENT ORGANIZATION POLICY
11. PERSONNEL
   A. MANAGEMENT
   B. OPERATIONS
   C. DEVELOPMENT
   D. VULNERABILITIES: PERSONNEL
12. NETWORK SECURITY
   A. PUBLIC NETWORK RESOURCES AND SITES
   B. PARTNER CONNECTIONS AND EXTRANETS
   C. VULNERABILITIES: NETWORK SECURITY
13. SYSTEM SECURITY
   A. VULNERABILITIES: SYSTEM SECURITY
14. APPLICATION SECURITY
   A. VULNERABILITIES: APPLICATION SECURITY
15. OPERATIONAL SECURITY
   A. VULNERABILITIES: OPERATIONAL SECURITY
16. PHYSICAL SECURITY
   A. VULNERABILITIES: PHYSICAL SECURITY
   B. VULNERABILITIES: BUILDING
   C. VULNERABILITIES: PERIMETER SECURITY
   D. VULNERABILITIES: SERVER AREA
17. SUMMARY
18. ACTION PLAN
19. REFERENCES

1. INTRODUCTION

2. PROJECT SCOPE

A. IN SCOPE

B. OUT OF SCOPE

3. ACTIVITIES SCHEDULE

A. FIRST DAY

B. SECOND DAY

C. THIRD DAY

4. BACKGROUND INFORMATION

5. CLIENT ORGANIZATION

6. ASSET IDENTIFICATION

A. ASSET IDENTIFICATION PROCESS

B. TANGIBLE ASSETS

C. INTANGIBLE ASSETS

7. THREAT ASSESSMENT

A. THREAT ASSESSMENT PROCESS

B. THREATS TO THE CLIENT ORGANIZATION

B1. NATURAL THREATS

B2. INTENTIONAL THREATS

B3. UNINTENTIONAL THREATS

8. LAWS, REGULATIONS, AND POLICY

9. FEDERAL LAW AND REGULATION

10. CLIENT ORGANIZATION POLICY

A. VULNERABILITIES: CLIENT ORGANIZATION POLICY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

11. PERSONNEL

A. MANAGEMENT

B. OPERATIONS

C. DEVELOPMENT

D. VULNERABILITIES: PERSONNEL

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

12. NETWORK SECURITY

A. PUBLIC NETWORK RESOURCES AND SITES

B. PARTNER CONNECTIONS AND EXTRANETS

C. VULNERABILITIES: NETWORK SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

13. SYSTEM SECURITY

A. VULNERABILITIES: SYSTEM SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

14. APPLICATION SECURITY

A. VULNERABILITIES: APPLICATION SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

15. OPERATIONAL SECURITY

A. VULNERABILITIES: OPERATIONAL SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

16. PHYSICAL SECURITY

A. VULNERABILITIES: PHYSICAL SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

B. VULNERABILITIES: BUILDING

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

C. VULNERABILITIES: PERIMETER SECURITY

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

D. VULNERABILITIES: SERVER AREA

VULNERABILITY | EXPLANATION | RISK | RECOMMENDATION

17. SUMMARY

18. ACTION PLAN

19. REFERENCES

DISCLAIMER

Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk.